Cannot get external Zabbix server to monitor a node through PVE Firewall!

I have hundreds of servers, different firewalls. When I configure the rules at the datacenter level, Zabbix goes red in the GUI after activation. I have forwarded ports?

What blows my mind is that when I tail the PVE firewall I see this:
-0500 ACCEPT: IN=vmbr1 PHYSIN=eno2 MAC=14:fe:b5:d2:d9:0b:cc:e1:7f:29:be:40:08:00 SRC=1.2.3.4 DST=8.8.4.4

Wah wah? My public interface bridge is VMBR0?

The firewall rules I made are for in and out, like this:

[Attached screenshot: 1652845870389.png]

Thanks for looking.
 
This is not a port forward :). You set the firewall to accept TCP packets with source port 10050-10053 and destination port 10050-10053.

Your VMs are running in a NAT network?
 
What you need is to add an iptables rule for port forwarding:

Code:
iptables -t nat -A PREROUTING -i <incoming host interface> -p tcp --dport 10050:10053 -j DNAT --to <zabbix host>:10050-10053
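
An added example, not part of the thread and not Proxmox tooling: a check for the rule shape the first reply describes, an ACCEPT rule that fixes both source and destination port to 10050-10053, which a connection from an ephemeral source port will not match. The sample rules are constructed in the `[RULES]` layout of a PVE firewall file, and the function names and the 32768 ephemeral-port threshold are assumptions.

```python
import shlex

# Constructed rules in the [RULES] layout of a Proxmox VE firewall file; the
# thread shows the real rules only as a screenshot, so these are illustrative.
SAMPLE_RULES = """\
[RULES]
IN ACCEPT -p tcp -dport 10050:10053 -sport 10050:10053 -log nolog
OUT ACCEPT -p tcp -dport 10050:10053 -sport 10050:10053 -log nolog
IN ACCEPT -source 192.0.2.10 -p tcp -dport 10050 -log nolog
|IN ACCEPT -p tcp -dport 22 -sport 22 # disabled rule, ignored
"""

# Assumption: the connecting side picks its source port from the Linux default
# net.ipv4.ip_local_port_range, which starts at 32768.
EPHEMERAL_START = 32768


def parse_ports(spec):
    """Turn '10050:10053' or '80,443' into a list of (low, high) tuples."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition(":")
        if not low.isdigit() or (high and not high.isdigit()):
            return None  # service name or macro: not checked here
        ranges.append((int(low), int(high or low)))
    return ranges


def find_pinned_source_ports(text):
    """Return (line_no, direction, sport, dport) for enabled rules whose
    -sport can never match an ephemeral client port."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(("[", "|")):
            continue  # blank, section header, or rule disabled with '|'
        tokens = shlex.split(line)
        direction, opts = tokens[0], tokens[2:]
        options = dict(zip(opts[0::2], opts[1::2]))
        sport = options.get("-sport")
        ranges = parse_ports(sport) if sport else None
        if ranges and all(high < EPHEMERAL_START for _, high in ranges):
            findings.append((line_no, direction, sport, options.get("-dport")))
    return findings


if __name__ == "__main__":
    for finding in find_pinned_source_ports(SAMPLE_RULES):
        print("line %d: %s rule pins -sport %s (dport %s)" % finding)
```

Rules it reports are candidates for dropping `-sport` and restricting by `-source` instead.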